<?php

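/*
 * Provider registration endpoint.
 *
 * Expects a POST carrying `token`, `name`, `login` and `passwd`. The request is
 * accepted only when the anti-CSRF token stored in the session matches the
 * submitted one, the token is younger than $time seconds, and the Referer header
 * equals $referer. On success the provider row is inserted, the session is
 * marked as connected, and the script answers with a short status string:
 *   'OK'                               registration done
 *   'timeout'                          token too old
 *   'XSRF'                             token missing/mismatched or wrong Referer
 *   'Unable to register you'           bad input or INSERT failure
 *   'Unable to retrieve your identity' new row id could not be determined
 */
session_start();
include('db_connect.php');

// The only page allowed to submit to this endpoint.
// NOTE(review): hard-coded localhost URL; a deployed instance needs its own
// origin here, and the Referer check is only a secondary control next to the token.
$referer = 'http://localhost/planmytrip/create_provider_account.php';
// Maximum age of the anti-CSRF token, in seconds (5 minutes).
$time = 5 * 60;

// --- Anti-CSRF token presence -------------------------------------------------
// $_POST['token'] must be a plain string: PHP turns `token[]=x` into an array.
if (!isset($_SESSION['token'], $_SESSION['time'], $_POST['token']) || !is_string($_POST['token'])) {
    die('XSRF');
}

$expectedToken = (string) $_SESSION['token'];
$submittedToken = $_POST['token'];

// Strict, type-safe comparison. The previous loose `==` compares numeric-looking
// strings by value ("0e1" == "0e2"), so two different tokens could be accepted.
// hash_equals() additionally avoids leaking the match length through timing.
$tokenMatches = $expectedToken !== '' && (
    function_exists('hash_equals')
        ? hash_equals($expectedToken, $submittedToken)
        : $expectedToken === $submittedToken
);
if (!$tokenMatches) {
    die('XSRF');
}

// --- Token freshness ----------------------------------------------------------
if ($_SESSION['time'] < (time() - $time)) {
    die('timeout');
}

// --- Referer check ------------------------------------------------------------
// The header is optional; treat a missing one as a mismatch instead of reading
// an undefined index.
if (!isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] !== $referer) {
    die('XSRF');
}

// --- Input validation ---------------------------------------------------------
// Every field must be present and be a string; arrays would reach
// mysql_real_escape_string()/hash() and produce warnings plus empty values.
foreach (array('name', 'login', 'passwd') as $field) {
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        die('Unable to register you');
    }
}

$name = mysql_real_escape_string($_POST['name']);
$login = mysql_real_escape_string($_POST['login']);
// NOTE(review): a single unsalted SHA-512 round is a fast hash and is not suited
// to password storage. password_hash()/password_verify() is the replacement, but
// the stored format is shared with the code that verifies logins (not visible
// here), so both sides have to be migrated together.
$passwd = hash('sha512', $_POST['passwd']);

// The values are escaped and placed inside quoted literals; the legacy mysql
// extension has no prepared statements.
// NOTE(review): the escaping relies on the connection charset configured in
// db_connect.php - confirm. Moving to mysqli/PDO prepared statements means
// changing db_connect.php as well.
$req = 'INSERT INTO providers VALUES (NULL, "' . $name . '", "' . $login . '", "' . $passwd . '")';
mysql_query($req) or die('Unable to register you');

// Take the id of the row this connection just inserted. Looking it up again with
// `SELECT id ... WHERE login = ...` returns the first row with that login, which
// may belong to an existing provider if `login` is not unique - the session
// would then be bound to someone else's account.
// Assumes providers.id is AUTO_INCREMENT (the NULL passed for it suggests so) -
// TODO confirm; also confirm a UNIQUE constraint on providers.login.
// Cast to string to keep the type the previous fetch-based lookup produced.
$id = (string) mysql_insert_id();
mysql_close();
if ($id === '0') {
    die('Unable to retrieve your identity');
}

// The session changes from anonymous to authenticated: issue a fresh session id
// so an id known before registration cannot be reused afterwards.
session_regenerate_id(true);

$_SESSION['connect'] = true;
$_SESSION['id'] = $id;
// This is the SQL-escaped form of the name, kept as before for consumers of the
// session; it is not HTML-safe, so pages must still encode it on output.
$_SESSION['name'] = $name;

// The token is single-use: drop it and its timestamp once consumed.
unset($_SESSION['token'], $_SESSION['time']);

die('OK');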
?>
